8828 matches found

PyPA
added 2021/06/17 5:15 p.m. · 3 views

PYSEC-2021-103

Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the {% include_block %} template tag is used to output the value of a plain-text StreamField block...

CVSS 5.4 · AI score 5.8 · EPSS 0.00294
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2021/05/24 6:03 p.m. · 9 views

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

AI score 9.2 · EPSS 0.00883
Exploits: 1 · References: 3
OSV
added 2021/05/07 4:47 p.m. · 1 view

GHSA-QM28-7HQV-WG5J OS Command Injection in ng-packagr

The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option...

CVSS 6.6 · AI score 5.9 · EPSS 0.0271
Exploits: 0 · References: 4
OpenVAS
added 2021/04/19 12:00 a.m. · 21 views

SUSE: Security Advisory (SUSE-SU-2018:2162-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2 · AI score 7.1 · EPSS 0.01002
Exploits: 1 · References: 10
Prion
added 2021/01/30 5:15 a.m. · 26 views

Code injection

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...

CVSS 10 · AI score 9.6 · EPSS 0.9312
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2021/01/30 4:59 a.m. · 19 views

CVE-2020-15568

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...

AI score 9.7 · EPSS 0.9312
Exploits: 1 · References: 2
OSV
added 2021/01/28 7:15 p.m. · 0 views

UBUNTU-CVE-2021-20187

It was found in Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVSS 7.2 · AI score 7.2 · EPSS 0.00679
Exploits: 0 · References: 3
CVE
added 2021/01/28 6:30 p.m. · 65 views

CVE-2021-20187

CVE-2021-20187 affects Moodle prior to versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16. The issue allows site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. The connected documents confirm the vulnerable condition and the root cause, but do not p...

CVSS 7.2 · AI score 7 · EPSS 0.00679
Exploits: 0 · References: 1 · Affected Software: 1
Gitee
added 2021/01/24 6:59 p.m. · 3 views

Exploit for Path Traversal in Intelbras Tip200_Firmware

PoC exploit for CVE-2020-13886, a Local File Include (LFI) vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...

CVSS 5.3 · AI score 6.6 · EPSS 0.01809
Exploits: 2
Positive Technologies
added 2021/01/13 12:00 a.m. · 4 views

PT-2021-2238 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.10.1, 3.9.4, 3.8.7 and 3.5.16. Description: The issue is related to the implementation of Shibboleth authentication technology in Moodle, which is...

CVSS 9.8 · AI score 7 · EPSS 0.72901
Exploits: 25 · References: 104
OSV
added 2021/01/11 10:15 a.m. · 0 views

UBUNTU-CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected...

CVSS 7.5 · AI score 7.1 · EPSS 0.02656
Exploits: 0 · References: 4
CNVD
added 2020/12/24 12:00 a.m. · 1 view

TerraMaster TOS Remote Code Execution Vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

CVSS 10 · AI score 8.6 · EPSS 0.88604
Exploits: 3 · References: 1
CNNVD
added 2020/12/23 12:00 a.m. · 2 views

TerraMaster TOS operating system command injection vulnerability

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A remote code execution vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. An attacker can exploit this vulnerability to execute commands without authentication via shell...

CVSS 10 · AI score 7.9 · EPSS 0.88604
Exploits: 3 · References: 4
IBM Security Bulletins
added 2020/12/15 8:13 p.m. · 74 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407, CVE-2020-1967, CVE-2018-0734, CVE-2019-1563, CVE-2019-1549, CVE-2019-1552, CVE-2019-1559, CVE-2018-0735)

Summary: There is a security advisory for OpenSSL 1.0.2p, which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1. Vulnerability Details: CVEID: CVE-2018-5407. DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

CVSS 7.5 · AI score 0.6 · EPSS 0.60769
Exploits: 6 · Affected Software: 1
CNNVD
added 2020/12/07 12:00 a.m. · 4 views

Apache Traffic Server information disclosure vulnerability

Apache Traffic Server (ATS) is a scalable HTTP proxy and caching server from the United States' Apache Software Foundation. An information disclosure vulnerability exists in the Apache Traffic Server product, which can be exploited by a local attacker to read memory fragments and obtain...

CVSS 7.5 · AI score 7.1 · EPSS 0.02656
Exploits: 0 · References: 4
Exploit DB
added 2020/11/17 12:00 a.m. · 227 views

Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities

Exploit Title: Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities. Exploit Author: Vulnerability-Lab. Date: 2020-11-11. Vendor Homepage: https://kubik-rubik.de/sige-simple-image-gallery-extended. Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended...

AI score 7.4
Exploits: 0
Packet Storm
added 2020/11/16 12:00 a.m. · 936 views

SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion

Document Title: SIGE Joomla 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2265. Release Date: 2020-11-11. Vulnerability Laboratory ID (VL-ID): ...

AI score 0.2
Exploits: 0
NVD
added 2020/11/12 6:15 p.m. · 9 views

CVE-2020-7472

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

CVSS 9.8 · AI score 9.9 · EPSS 0.01199
Exploits: 0 · References: 2
Prion
added 2020/11/12 6:15 p.m. · 14 views

Authorization

An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. This...

CVSS 7.5 · AI score 9.8 · EPSS 0.01199
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2020/11/12 5:33 p.m. · 43 views

CVE-2020-7472

This entry documents an unauthenticated remote code execution in SugarCRM via an authorization bypass and PHP local-file-include in the installation component. Affected versions include SugarCRM prior to 8.0, with 8.0 prior to 8.0.7, 9.0 prior to 9.0.4, and 10.0 prior to 10.0.0. The vulnerability...

CVSS 9.8 · AI score 9.8 · EPSS 0.01199
Exploits: 0 · References: 2 · Affected Software: 1